
Previous Gnews

Stay informed about the latest security vulnerabilities and patches released on Patch Tuesday in September. Reports cover critical issues in Microsoft products, Adobe software, Apple devices, Oracle, Cisco, VMware, and more. Also included are hacking trends, active shooter profiling, and tech events in Dallas and Austin.


Presentation Transcript


  1. Previous Gnews

  2. Patch Tuesday • Sep – 50 CVE / 40 KB Articles • Reports of 12 or 33 Critical • Internet Explorer • Microsoft Edge • Microsoft Windows • Microsoft Office and Microsoft Office Services and Web Apps • ChakraCore • .NET Core • PowerShell Core • SQL Server Management Studio • Microsoft Exchange Server • Azure IoT Edge • Hub Device Client SDK for Azure IoT • Morphus Labs Dashboard - https://patchtuesdaydashboard.com/

  3. Holes / Patches
     • VMware
        • VMSA-2018-0024.1 ( 1 CVE ): Workspace One, auth bypass
        • VMSA-2018-0025 ( 1 CVE ): ESXi, Workstation, Fusion, DoS
     • Apple
        • iTunes 12.9 (win) ( 19 CVE )
        • iOS 12 ( 38 CVE )
        • tvOS 12 ( 25 CVE )
        • watchOS 5 ( 13 CVE )
        • Safari 12 ( 22 CVE )
        • Apple Support 2.4 for iOS ( 1 CVE )
        • Xcode 10 ( 1 CVE )
        • macOS Mojave 10.14 ( 7 CVE )
        • iOS 12.0.1 ( 2 CVE )
        • iCloud 7.7 (win) ( 19 CVE )
     • Oracle
        • Come back next week, Due on 16 Oct
     • Adobe
        • APSB18-27 Digital Editions, rce ( 9 CVE )
        • APSB18-30 Acrobat/Reader, rce ( 86 CVE )
        • APSB18-34 Acrobat/Reader, rce ( 7 CVE )
        • APSB18-35 Flash Player ( 0 CVE )
        • APSB18-36 Experience Manager, id ( 5 CVE )
        • APSB18-37 Framemaker, pe ( 1 CVE )
        • APSB18-38 Technical Communications Suite, pe ( 1 CVE )
     • Cisco
        • IOS XE – auth bypass
        • Video Surveillance Manager - rce

  4. Holes / Patches • Intel ME key leak • MS jet 0-day • Windows Handwriting recognition leaves data in cleartext • Windows 1809 stalling after file deletions • Apple device trust score • Mac, apps access sensitive data • Chrome autologin snafu • Google backpedals a little • android updates • firefox 0-day • SUID root vuln • idrac vuln

  5. Hacking • cold boot redux • Xbash, cross platform wiper • nintendo switch now with nes games • Delphi packer looks for humanness • Zaif crypto currency loses 60mil • kodi, now with cryptominers • sony smart tv bug • vizio settles for 17mil (2017 cal) • voicemail to hack whatsapp

  6. Corp • safari / mozilla to block most cookies by default • FB Access Token bounties • GovPayNet popped, 14M • newegg popped • equifax fined • NCIX data broker on craigslist • adobe acquires marketo • Sirius acquires pandora • produce, now with blockchain • Wendy's fingerprints • MS O365 "no password" • zoho, cause DNS is hard • mitsubishi brake recall • Crowdfense vuln research hubs exits beta

  7. Corp • Cloudflare to drop Encrypted SNI • TRADE - taxii with block chain from IBM • Chegg popped • FB popped • insecure mongo • FB adds phone to ad data • palo to buy redlock • supply chain breach that wasn't • china chips • apple amazon say nope • Google + data leak

  8. Govt • privacy not invited to privacy hearing • MMA • journalist monitoring via FISA • military approved hack back • nss labs vs ... • bye bye credit freeze fees • fb vs bob smith • Fosta case dismissed • CA IoT Bill passed • CA LEO Transparency bill passed • FDA launches new security unit • iphone passcode bypass • forced face id

  9. Papers • Active shooter profiling • https://publicintelligence.net/fbi-active-shooters-indicators/

  10. WTF • we're losing • spotify/ancestry offer custom dna playlist • data as currency

  11. Tools • OWASP SEC Champ Playbook • dragonfly (googles censored android app) • delete yo'self • free streaming round up • yubikey5 with fido2

  12. Past Cons • NTXISSAC6 • Derby Con

  13. Future Cons • Future of Blockchain 10-13 Oct – Dallas • LASCON 25-26 Oct – Austin • Thunder Plains 1 Nov – OKC • Root66 1 Nov – OKC • BSidesDFW 3 Nov – Richland College

  14. Where • DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) • TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) • The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) • ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) • Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth) • OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) • Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) • North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) • Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) • Pwn School Project ( 3rd Wed / Dallas | 4th Mon Denton ) • 0-day All Day @0Dayallday ( 29 Sep / Quarterly / DFW )

  15. All images scavenged without permission
